mohamedsharaf · January 25, 2019 12:17 · Jan 24, 2019 · Jan 24, 2019 · Jan 3, 2019 · Jan 3, 2019
diff --git a/softether.sh b/softether.sh
@@ -84,6 +84,7 @@ EOF
 
 # Act as router
 echo "net.ipv4.ip_forward = 1" | ${SUDO} tee -a /etc/sysctl.conf
+# Tune Kernel
 echo "net.ipv4.ip_local_port_range = 1024 65535" | ${SUDO} tee -a /etc/sysctl.conf
 echo "net.ipv4.tcp_congestion_control = bbr" | ${SUDO} tee -a /etc/sysctl.conf
 echo "net.core.default_qdisc = fq_codel" | ${SUDO} tee -a /etc/sysctl.conf

diff --git a/softether.sh b/softether.sh
@@ -83,7 +83,10 @@ WantedBy=multi-user.target
 EOF
 
 # Act as router
-echo net.ipv4.ip_forward = 1 | ${SUDO} tee -a /etc/sysctl.conf
+echo "net.ipv4.ip_forward = 1" | ${SUDO} tee -a /etc/sysctl.conf
+echo "net.ipv4.ip_local_port_range = 1024 65535" | ${SUDO} tee -a /etc/sysctl.conf
+echo "net.ipv4.tcp_congestion_control = bbr" | ${SUDO} tee -a /etc/sysctl.conf
+echo "net.core.default_qdisc = fq_codel" | ${SUDO} tee -a /etc/sysctl.conf
 ${SUDO} sysctl -p
 
 # Reload service

diff --git a/softether.sh b/softether.sh
@@ -2,6 +2,19 @@
 # Register digitalocean with free credit https://m.do.co/c/4879bb02d178
 # Create vps with 5usd price
 # Tested on Ubuntu 18.10, Debian 9.6
+# How to...
+# 1. Save this file as softether-installer.sh
+# 2. chmod +x softether-installer.sh
+# 3. Run bash file
+# > ./softether-installer.sh
+# Or just 
+# > bash softether-installer.sh
+# 4. Init config vpnserver
+# > cd /usr/local/vpnserver
+# > ./vpncmd
+# Enter into local server/hub config
+# > ServerPasswordSet {yourPassword}
+# Then use SoftEther VPN Server Manager to mange your server
 
 if [ "$(whoami)" != "root" ]; then
     SUDO=sudo
@@ -29,7 +42,7 @@ ${SUDO} rm /tmp/softether-vpnserver.tar.gz
 # Move to source directory
 cd /usr/local/vpnserver
 
-# Workaround for 18.04
+# Workaround for 18.04+
 ${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile
 
 # Build softether
@@ -80,10 +93,4 @@ ${SUDO} systemctl enable vpnserver
 # Start service
 ${SUDO} systemctl restart vpnserver
 
-# Init config vpnserver
-# > cd /usr/local/vpnserver
-# > ./vpncmd
-# > ServerPasswordSet {yourPassword}
-# Then use SoftEther VPN Server Manager to mange your server
-
 exit 0
diff --git a/softether.sh b/softether.sh
@@ -1,6 +1,7 @@
 #!/usr/local/env bash
 # Register digitalocean with free credit https://m.do.co/c/4879bb02d178
 # Create vps with 5usd price
+# Tested on Ubuntu 18.10, Debian 9.6
 
 if [ "$(whoami)" != "root" ]; then
     SUDO=sudo

diff --git a/softether.sh b/softether.sh
@@ -32,7 +32,7 @@ cd /usr/local/vpnserver
 ${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile
 
 # Build softether
-make i_read_and_agree_the_license_agreement
+${SUDO} make i_read_and_agree_the_license_agreement
 
 # Change file permission
 ${SUDO} chmod 0600 * && ${SUDO} chmod +x vpnserver && ${SUDO} chmod +x vpncmd
@@ -82,7 +82,7 @@ ${SUDO} systemctl restart vpnserver
 # Init config vpnserver
 # > cd /usr/local/vpnserver
 # > ./vpncmd
-# > ServerPasswordSet yourPassword
+# > ServerPasswordSet {yourPassword}
 # Then use SoftEther VPN Server Manager to mange your server
 
 exit 0
diff --git a/softether.sh b/softether.sh
@@ -28,6 +28,9 @@ ${SUDO} rm /tmp/softether-vpnserver.tar.gz
 # Move to source directory
 cd /usr/local/vpnserver
 
+# Workaround for 18.04
+${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile
+
 # Build softether
 make i_read_and_agree_the_license_agreement
 

diff --git a/softether.sh b/softether.sh
@@ -1,11 +1,16 @@
 #!/usr/local/env bash
 # Register digitalocean with free credit https://m.do.co/c/4879bb02d178
 # Create vps with 5usd price
+
+if [ "$(whoami)" != "root" ]; then
+    SUDO=sudo
+fi
+
 # Update system
-apt-get update && apt-get -y upgrade
+${SUDO} apt-get update && ${SUDO} apt-get -y upgrade
 
 # Get build tools
-apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev
+${SUDO} apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev
 
 # Define softether version
 RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
@@ -15,10 +20,10 @@ IFS='-' read -ra RTMS <<< "${RTM}"
 wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz
 
 # Extract softether source
-tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
+${SUDO} tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
 
 # Remove unused file
-rm /tmp/softether-vpnserver.tar.gz
+${SUDO} rm /tmp/softether-vpnserver.tar.gz
 
 # Move to source directory
 cd /usr/local/vpnserver
@@ -27,11 +32,11 @@ cd /usr/local/vpnserver
 make i_read_and_agree_the_license_agreement
 
 # Change file permission
-chmod 0600 * && chmod +x vpnserver && chmod +x vpncmd
+${SUDO} chmod 0600 * && ${SUDO} chmod +x vpnserver && ${SUDO} chmod +x vpncmd
 
 # Link binary files
-ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
-ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd
+${SUDO} ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
+${SUDO} ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd
 
 # Add systemd service
 cat <<EOF >/lib/systemd/system/vpnserver.service
@@ -61,15 +66,15 @@ WantedBy=multi-user.target
 EOF
 
 # Act as router
-echo net.ipv4.ip_forward = 1 | sudo tee -a /etc/sysctl.conf
-sysctl -p
+echo net.ipv4.ip_forward = 1 | ${SUDO} tee -a /etc/sysctl.conf
+${SUDO} sysctl -p
 
 # Reload service
-systemctl daemon-reload
+${SUDO} systemctl daemon-reload
 # Enable service
-systemctl enable vpnserver
+${SUDO} systemctl enable vpnserver
 # Start service
-systemctl restart vpnserver
+${SUDO} systemctl restart vpnserver
 
 # Init config vpnserver
 # > cd /usr/local/vpnserver

diff --git a/softether.sh b/softether.sh
@@ -9,7 +9,7 @@ apt-get -y install build-essential wget curl gcc make wget tzdata git libreadlin
 
 # Define softether version
 RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
-IFS='-' read -r -a RTMS <<< "${RTM}"
+IFS='-' read -ra RTMS <<< "${RTM}"
 
 # Get softether source
 wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz

diff --git a/softether.sh b/softether.sh
@@ -1,4 +1,6 @@
 #!/usr/local/env bash
+# Register digitalocean with free credit https://m.do.co/c/4879bb02d178
+# Create vps with 5usd price
 # Update system
 apt-get update && apt-get -y upgrade
 

diff --git a/softether.sh b/softether.sh
@@ -44,6 +44,7 @@ ExecStart=/usr/local/vpnserver/vpnserver start
 ExecStop=/usr/local/vpnserver/vpnserver stop
 KillMode=process
 Restart=on-failure
+WorkingDirectory=/usr/local/vpnserver
 
 # Hardening
 PrivateTmp=yes

diff --git a/softether.sh b/softether.sh
@@ -69,6 +69,7 @@ systemctl enable vpnserver
 systemctl restart vpnserver
 
 # Init config vpnserver
+# > cd /usr/local/vpnserver
 # > ./vpncmd
 # > ServerPasswordSet yourPassword
 # Then use SoftEther VPN Server Manager to mange your server

diff --git a/softether.sh b/softether.sh
@@ -68,7 +68,9 @@ systemctl enable vpnserver
 # Start service
 systemctl restart vpnserver
 
-# vpncmd
-# ServerPasswordSet yourPassword
+# Init config vpnserver
+# > ./vpncmd
+# > ServerPasswordSet yourPassword
+# Then use SoftEther VPN Server Manager to mange your server
 
 exit 0
diff --git a/softether.sh b/softether.sh
@@ -3,7 +3,7 @@
 apt-get update && apt-get -y upgrade
 
 # Get build tools
-apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev
+apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev
 
 # Define softether version
 RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)

diff --git a/softether.sh b/softether.sh
@@ -3,7 +3,7 @@
 apt-get update && apt-get -y upgrade
 
 # Get build tools
-apt-get -y install build-essential wget curl
+apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev
 
 # Define softether version
 RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)

diff --git a/softether.sh b/softether.sh
@@ -36,11 +36,22 @@ cat <<EOF >/lib/systemd/system/vpnserver.service
 [Unit]
 Description=SoftEther VPN Server
 After=network.target
+ConditionPathExists=!/usr/local/vpnserver/do_not_run
 
 [Service]
 Type=forking
 ExecStart=/usr/local/vpnserver/vpnserver start
 ExecStop=/usr/local/vpnserver/vpnserver stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/usr/local/vpnserver
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
 
 [Install]
 WantedBy=multi-user.target

diff --git a/softether.sh b/softether.sh
@@ -57,7 +57,7 @@ systemctl enable vpnserver
 # Start service
 systemctl restart vpnserver
 
-# vpmcmd
+# vpncmd
 # ServerPasswordSet yourPassword
 
 exit 0
diff --git a/softether.sh b/softether.sh
@@ -57,4 +57,7 @@ systemctl enable vpnserver
 # Start service
 systemctl restart vpnserver
 
+# vpmcmd
+# ServerPasswordSet yourPassword
+
 exit 0
diff --git a/softether.sh b/softether.sh
@@ -47,7 +47,9 @@ WantedBy=multi-user.target
 EOF
 
 # Act as router
-echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
+echo net.ipv4.ip_forward = 1 | sudo tee -a /etc/sysctl.conf
+sysctl -p
+
 # Reload service
 systemctl daemon-reload
 # Enable service

diff --git a/softether.sh b/softether.sh
@@ -46,6 +46,8 @@ ExecStop=/usr/local/vpnserver/vpnserver stop
 WantedBy=multi-user.target
 EOF
 
+# Act as router
+echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
 # Reload service
 systemctl daemon-reload
 # Enable service

diff --git a/softether.sh b/softether.sh
@@ -1,15 +1,16 @@
 #!/usr/local/env bash
-# Define softether version
-VERSION='v4.20-9608-rtm-2016.04.17'
-
 # Update system
-apt-get update && apt-get -y full-upgrade
+apt-get update && apt-get -y upgrade
 
 # Get build tools
-apt-get -y install build-essential iptables
+apt-get -y install build-essential wget curl
+
+# Define softether version
+RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
+IFS='-' read -r -a RTMS <<< "${RTM}"
 
 # Get softether source
-wget http://www.softether-download.com/files/softether/${VERSION}-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${VERSION}-linux-x64-64bit.tar.gz -O /tmp/softether-vpnserver.tar.gz
+wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz
 
 # Extract softether source
 tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
@@ -24,7 +25,7 @@ cd /usr/local/vpnserver
 make i_read_and_agree_the_license_agreement
 
 # Change file permission
-chmod 0600 * && chmod 0700 vpnserver && chmod 0700 vpncmd
+chmod 0600 * && chmod +x vpnserver && chmod +x vpncmd
 
 # Link binary files
 ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver

diff --git a/softether.sh b/softether.sh
@@ -0,0 +1,55 @@
+#!/usr/local/env bash
+# Define softether version
+VERSION='v4.20-9608-rtm-2016.04.17'
+
+# Update system
+apt-get update && apt-get -y full-upgrade
+
+# Get build tools
+apt-get -y install build-essential iptables
+
+# Get softether source
+wget http://www.softether-download.com/files/softether/${VERSION}-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${VERSION}-linux-x64-64bit.tar.gz -O /tmp/softether-vpnserver.tar.gz
+
+# Extract softether source
+tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
+
+# Remove unused file
+rm /tmp/softether-vpnserver.tar.gz
+
+# Move to source directory
+cd /usr/local/vpnserver
+
+# Build softether
+make i_read_and_agree_the_license_agreement
+
+# Change file permission
+chmod 0600 * && chmod 0700 vpnserver && chmod 0700 vpncmd
+
+# Link binary files
+ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
+ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd
+
+# Add systemd service
+cat <<EOF >/lib/systemd/system/vpnserver.service
+[Unit]
+Description=SoftEther VPN Server
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/local/vpnserver/vpnserver start
+ExecStop=/usr/local/vpnserver/vpnserver stop
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload service
+systemctl daemon-reload
+# Enable service
+systemctl enable vpnserver
+# Start service
+systemctl restart vpnserver
+
+exit 0
No results found